Banking Trojan

The banking trojan, a type of malware designed to exploit and damage computer systems or devices, has been evolving rapidly with new strains and tactics targeting users worldwide. In 2024, the ToxicPanda Android banking trojan emerged as a significant threat, specifically targeting Europe and Latin America, with a focus on Italy. This malware intercepts one-time passwords sent either by text or authenticator app, thereby dismantling multifactor authentication protections. It's part of a growing trend among banking trojans like Medusa, Copybara, and BingoMod that use stripped-down, manual approaches, bypassing many cybersecurity protections used by financial services and banks. In Brazil, another banking trojan named GoPIX targeted the PIX real-time payment system, implementing clipboard monitoring to change keys and steal payments. This technique is becoming increasingly common among banking trojans, which have also begun to target cryptocurrency sites directly or intercept user clipboards for data theft. According to KSN statistics gathered from January to October 2024, of the top 30 banking Trojan families detected worldwide, 11 were of Brazilian origin and accounted for 22% of all detections. However, future developments in mobile banking trojans may face challenges due to Google's restrictions on the Accessibility permission in newer Android versions, making it harder for malware to apply tricks like ATS. Meanwhile, a new botnet initially suspected to be part of the Toxic banking Trojan family was identified as a separate strain dubbed ToxicPanda. Another Android banking Trojan called FakeCall demonstrated the ability to hijack phone calls made to banks, mainly targeting users in South Korea, with enhanced evasion and data-stealing capabilities. These developments underscore the escalating threat posed by banking trojans and the need for robust cybersecurity measures.